WO2008063417A3 - Resource level role based access control for storage management - Google Patents

Resource level role based access control for storage management

Info

Publication number
WO2008063417A3
Authority
WO
WIPO (PCT)
Prior art keywords
identifying information
based access
role
resource
access control
Prior art date
Application number
PCT/US2007/023418
Other languages
French (fr)
Other versions
WO2008063417A2 (en)
Inventor
Timothy J Thompson
James Hartwell Ii Holl
William Raoul Durant
Original Assignee
Network Appliance Inc
Timothy J Thompson
James Hartwell Ii Holl
William Raoul Durant
Priority date
Filing date
Publication date
Application filed by Network Appliance Inc, Timothy J Thompson, James Hartwell Ii Holl, William Raoul Durant
Publication of WO2008063417A2
Publication of WO2008063417A3

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209 Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

A method, apparatus, and system for providing role-based access control (RBAC) for storage management are described herein. Resource-identifying information is stored in a role-based access database for a network storage system, in association with role-identifying information for each of a plurality of roles and operation-identifying information. The operation-identifying information indicates one or more authorized operations for each of the plurality of roles and the resource-identifying information identifies specific resources maintained by the network storage system. The role-identifying information, data indicating one or more authorized operations for at least one of the roles, and resource-specific identifying information in the role-based access database are used to determine whether to allow or deny a request from a network storage client to access a resource maintained by the network storage system.
PCT/US2007/023418 2006-11-17 2007-11-06 Resource level role based access control for storage management WO2008063417A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US11/601,096 2006-11-17
US11/601,096 US20080120302A1 (en) 2006-11-17 2006-11-17 Resource level role based access control for storage management

Publications (2)

Publication Number Publication Date
WO2008063417A2 (en) 2008-05-29
WO2008063417A3 (en) 2008-11-06

Family

ID=39400981

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2007/023418 WO2008063417A2 (en) 2006-11-17 2007-11-06 Resource level role based access control for storage management

Country Status (2)

Country Link
US (1) US20080120302A1 (en)
WO (1) WO2008063417A2 (en)

Families Citing this family (63)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080244736A1 (en) * 2007-03-30 2008-10-02 Microsoft Corporation Model-based access control
US7913529B2 (en) * 2007-08-28 2011-03-29 Cisco Technology, Inc. Centralized TCP termination with multi-service chaining
US8302201B1 (en) * 2007-09-28 2012-10-30 Emc Corporation Security and licensing with application aware storage
US20090157686A1 (en) * 2007-12-13 2009-06-18 Oracle International Corporation Method and apparatus for efficiently caching a system-wide access control list
US8140693B2 (en) * 2008-05-15 2012-03-20 Hewlett-Packard Development Company, L.P. Method and system for allocating on-demand resources using a connection manager
US8677453B2 (en) 2008-05-19 2014-03-18 Cisco Technology, Inc. Highly parallel evaluation of XACML policies
US8352470B2 (en) * 2008-05-23 2013-01-08 International Business Machines Corporation Adaptive aggregation: improving the performance of grouping and duplicate elimination by avoiding unnecessary disk access
US20100031312A1 (en) * 2008-07-29 2010-02-04 International Business Machines Corporation Method for policy based and granular approach to role based access control
DE102008046639B4 (en) 2008-09-09 2011-02-24 Adrian Dr. Spalka Method for providing at least one service via a server system
US8788666B2 (en) 2008-12-31 2014-07-22 Sap Ag System and method of consolidated central user administrative provisioning
US8856881B2 (en) * 2009-02-26 2014-10-07 Genpact Global Holdings (Bermuda) Ltd. Method and system for access control by using an advanced command interface server
US8555055B2 (en) * 2009-06-02 2013-10-08 Microsoft Corporation Delegation model for role-based access control administration
US20110055276A1 (en) * 2009-08-26 2011-03-03 Brocade Communications Systems, Inc. Systems and methods for automatic inclusion of entities into management resource groups
US10540508B2 (en) * 2009-09-17 2020-01-21 Oracle International Corporation Method and apparatus for securing a database configuration
US8869295B2 (en) * 2009-10-26 2014-10-21 Bank Of America Corporation Automated privacy enforcement
CN102088351B (en) * 2009-12-08 2014-10-08 长春吉大正元信息技术股份有限公司 Authorization management system and implementation method thereof
CN102088350B (en) * 2009-12-08 2014-04-16 长春吉大正元信息技术股份有限公司 Directory service-based authorization management system and implementation method thereof
US9953178B2 (en) * 2010-02-03 2018-04-24 Os Nexus, Inc. Role based access control utilizing scoped permissions
US8635707B1 (en) * 2010-06-29 2014-01-21 Emc Corporation Managing object access
TW201211822A (en) * 2010-09-07 2012-03-16 Qsan Technology Inc Role-based access control method in iSCSI storage subsystem
CN103052957A (en) * 2010-10-25 2013-04-17 株式会社日立制作所 Storage apparatus and management method thereof
US9514204B2 (en) * 2010-11-16 2016-12-06 Gazit Group Usa, Inc. Mobile digital property portfolio management system
US8620882B2 (en) * 2010-12-29 2013-12-31 Emc Corporation Tokenization of multiple-field records
US8479302B1 (en) * 2011-02-28 2013-07-02 Emc Corporation Access control via organization charts
US9495393B2 (en) 2011-07-27 2016-11-15 EMC IP Holding Company, LLC System and method for reviewing role definitions
US9396347B2 (en) * 2011-09-01 2016-07-19 Microsoft Technology Licensing, Llc Providing status of site access requests
CN102523197B (en) * 2011-11-23 2015-09-02 何伦 Enterprise's social information exchange method, server and enterprise's social networking system
US20130218621A1 (en) * 2012-02-22 2013-08-22 Xerox Corporation Method and system for managing deadline sensitive tasks
US9081950B2 (en) * 2012-05-29 2015-07-14 International Business Machines Corporation Enabling host based RBAC roles for LDAP users
US9495380B2 (en) 2012-12-20 2016-11-15 Bank Of America Corporation Access reviews at IAM system implementing IAM data model
US9189644B2 (en) 2012-12-20 2015-11-17 Bank Of America Corporation Access requests at IAM system implementing IAM data model
US9489390B2 (en) 2012-12-20 2016-11-08 Bank Of America Corporation Reconciling access rights at IAM system implementing IAM data model
US9537892B2 (en) 2012-12-20 2017-01-03 Bank Of America Corporation Facilitating separation-of-duties when provisioning access rights in a computing system
US9529629B2 (en) 2012-12-20 2016-12-27 Bank Of America Corporation Computing resource inventory system
US9542433B2 (en) 2012-12-20 2017-01-10 Bank Of America Corporation Quality assurance checks of access rights in a computing system
US9477838B2 (en) 2012-12-20 2016-10-25 Bank Of America Corporation Reconciliation of access rights in a computing system
US9639594B2 (en) 2012-12-20 2017-05-02 Bank Of America Corporation Common data model for identity access management data
US9483488B2 (en) 2012-12-20 2016-11-01 Bank Of America Corporation Verifying separation-of-duties at IAM system implementing IAM data model
CN104584063A (en) * 2013-01-29 2015-04-29 泰尔茂株式会社 Medical information management device, medical information management system, and control method for medical information management device
US10326734B2 (en) * 2013-07-15 2019-06-18 University Of Florida Research Foundation, Incorporated Adaptive identity rights management system for regulatory compliance and privacy protection
CN103645982B (en) * 2013-11-29 2017-11-14 北京奇虎科技有限公司 Log processing method and client
CN103699849A (en) * 2013-12-23 2014-04-02 国云科技股份有限公司 Data access authorization protection method
US9614851B1 (en) * 2014-02-27 2017-04-04 Open Invention Network Llc Security management application providing proxy for administrative privileges
US9471803B2 (en) * 2014-08-07 2016-10-18 Emc Corporation System and method for secure multi-tenancy in an operating system of a storage system
CN104301149A (en) * 2014-10-27 2015-01-21 浪潮(北京)电子信息产业有限公司 Multi-data-center permission management method and system
US9465752B2 (en) 2014-12-12 2016-10-11 Software Ag Usa, Inc. Systems and/or methods for policy-based access to data in memory tiers
CN104462937B (en) * 2014-12-17 2017-05-17 中国人民解放军国防科学技术大学 Operating system peripheral access permission control method based on users
US10387263B2 (en) 2014-12-31 2019-08-20 Netapp, Inc. Centralized management center for managing storage services
US9977912B1 (en) * 2015-09-21 2018-05-22 EMC IP Holding Company LLC Processing backup data based on file system authentication
US20170147158A1 (en) * 2015-11-19 2017-05-25 Netapp, Inc. Methods and systems for managing gui components in a networked storage environment
US10958658B2 (en) * 2017-06-15 2021-03-23 Michael T. Jones Systems and methods for differentiated identification for configuration and operation
JP6894985B2 (en) 2017-07-14 2021-06-30 Hitachi Vantara Corporation Methods, devices, and systems for controlling user access to data storage systems
CN107895123A (en) * 2017-11-13 2018-04-10 医渡云(北京)技术有限公司 Data access authority control method and device, method for managing user right
US10565081B2 (en) * 2017-12-28 2020-02-18 Cerner Innovation, Inc. Data protection manager
US11451554B2 (en) 2019-05-07 2022-09-20 Bank Of America Corporation Role discovery for identity and access management in a computing system
US11755760B2 (en) * 2019-10-18 2023-09-12 Asg Technologies Group, Inc. Systems and methods for secure policies-based information governance
CN111193905B (en) * 2019-12-24 2022-11-01 视联动力信息技术股份有限公司 Monitoring resource allocation method and device and readable storage medium
CN111488595B (en) * 2020-03-27 2023-03-28 腾讯科技(深圳)有限公司 Method for realizing authority control and related equipment
US11641360B2 (en) * 2020-06-30 2023-05-02 At&T Intellectual Property I, L.P. Role-based access control with complete sets of granular roles
CN112350997A (en) * 2020-10-16 2021-02-09 杭州安恒信息技术股份有限公司 Database access right control method and device, computer equipment and storage medium
CN112528249A (en) * 2020-12-18 2021-03-19 杭州立思辰安科科技有限公司 Authority management method and device suitable for network security management platform
US11797505B2 (en) * 2021-04-30 2023-10-24 Hewlett Packard Enterprise Development Lp Column browser for navigating hierarchical data structures
USD977511S1 (en) 2021-04-30 2023-02-07 Hewlett Packard Enterprise Development Lp Display with animated graphical user interface

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE19954358A1 (en) * 1999-01-07 2000-07-20 Hewlett Packard Co User role access controller has computer-legible storage media and program code resident in the media for generating one or more user roles
EP1124172A2 (en) * 2000-02-07 2001-08-16 Emc Corporation Controlling access to a storage device
WO2002050691A1 (en) * 2000-12-19 2002-06-27 Mediagate, Inc. Software architecture for interaction with dynamic data sources and role based access control
WO2002073436A1 (en) * 2001-03-09 2002-09-19 Arcot Systems, Inc. Efficient computational techniques for authorization control
US20050193196A1 (en) * 2004-02-26 2005-09-01 Ming-Yuh Huang Cryptographically enforced, multiple-role, policy-enabled object dissemination control mechanism
US20060010483A1 (en) * 2004-07-12 2006-01-12 International Business Machines Corporation Inherited role-based access control system, method and program product

Family Cites Families (28)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0697662B1 (en) * 1994-08-15 2001-05-30 International Business Machines Corporation Method and system for advanced role-based access control in distributed and centralized computer systems
US5761669A (en) * 1995-06-06 1998-06-02 Microsoft Corporation Controlling access to objects on multiple operating systems
US6023765A (en) * 1996-12-06 2000-02-08 The United States Of America As Represented By The Secretary Of Commerce Implementation of role-based access control in multi-level secure systems
US6088679A (en) * 1997-12-01 2000-07-11 The United States Of America As Represented By The Secretary Of Commerce Workflow management employing role-based access control
US6457130B2 (en) * 1998-03-03 2002-09-24 Network Appliance, Inc. File access control in a multi-protocol file server
US7673323B1 (en) * 1998-10-28 2010-03-02 Bea Systems, Inc. System and method for maintaining security in a distributed computer network
US20040199765A1 (en) * 1999-08-20 2004-10-07 Children's Medical Center Corporation System and method for providing personal control of access to confidential records over a public network
US7013485B2 (en) * 2000-03-06 2006-03-14 I2 Technologies U.S., Inc. Computer security system
US7185192B1 (en) * 2000-07-07 2007-02-27 Emc Corporation Methods and apparatus for controlling access to a resource
US7096222B2 (en) * 2000-09-01 2006-08-22 Borland Software Corporation Methods and systems for auto-instantiation of storage hierarchy for project plan
US6757901B1 (en) * 2000-12-21 2004-06-29 Cisco Technology, Inc. Method and system for setting expressions in network management notifications at an agent
US6985955B2 (en) * 2001-01-29 2006-01-10 International Business Machines Corporation System and method for provisioning resources to users based on roles, organizational information, attributes and third-party information or authorizations
US7788700B1 (en) * 2002-05-15 2010-08-31 Gerard A. Gagliano Enterprise security system
US7653930B2 (en) * 2003-02-14 2010-01-26 Bea Systems, Inc. Method for role and resource policy management optimization
US7404203B2 (en) * 2003-05-06 2008-07-22 Oracle International Corporation Distributed capability-based authorization architecture
US7424533B1 (en) * 2003-05-23 2008-09-09 Cisco Technology, Inc. Method and apparatus for role-based access control
US20050021977A1 (en) * 2003-06-25 2005-01-27 Microsoft Corporation Expression-based access control
WO2005008458A1 (en) * 2003-07-11 2005-01-27 Computer Associates Think, Inc. System and method for providing java server page security
US7650644B2 (en) * 2003-11-25 2010-01-19 Sap Aktiengesellschaft Object-based access control
US7774601B2 (en) * 2004-04-06 2010-08-10 Bea Systems, Inc. Method for delegated administration
US7340469B1 (en) * 2004-04-16 2008-03-04 George Mason Intellectual Properties, Inc. Implementing security policies in software development tools
US7546297B2 (en) * 2005-03-14 2009-06-09 Microsoft Corporation Storage application programming interface
US8762552B2 (en) * 2005-04-13 2014-06-24 Brocade Communications Systems, Inc. Fine granularity access control for a storage area network
US7748027B2 (en) * 2005-05-11 2010-06-29 Bea Systems, Inc. System and method for dynamic data redaction
US7774827B2 (en) * 2005-06-06 2010-08-10 Novell, Inc. Techniques for providing role-based security with instance-level granularity
US20070276951A1 (en) * 2006-05-25 2007-11-29 Nicholas Dale Riggs Apparatus and method for efficiently and securely transferring files over a communications network
US8381306B2 (en) * 2006-05-30 2013-02-19 Microsoft Corporation Translating role-based access control policy to resource authorization policy
US8336078B2 (en) * 2006-07-11 2012-12-18 Fmr Corp. Role-based access in a multi-customer computing environment

Also Published As

Publication number Publication date
WO2008063417A2 (en) 2008-05-29
US20080120302A1 (en) 2008-05-22

Similar Documents

Publication Publication Date Title
WO2008063417A3 (en) Resource level role based access control for storage management
US8850041B2 (en) Role based delegated administration model
CN103379089B (en) Access control method and system thereof based on security domain separation
CN103368765B (en) A kind of privileges of management system adding method and device
US20130086648A1 (en) Updating resource access permissions in a virtual computing environment
WO2006002018A3 (en) Geospatial information system and method for updating same
CN103026352A (en) Automatic removal of global user security groups
WO2009155473A3 (en) Information rights management
SG155065A1 (en) Interoperable systems and methods for peer-to-peer service orchestration
WO2011091158A3 (en) System and method for performing project management attendant to any of various types of projects
WO2004109443A3 (en) Managing data objects in dynamic, distributed and collaborative contexts
CN101593260A (en) A kind of application process of privileges of management system and device
CN101895551A (en) Resource access control method and system
US20120185528A1 (en) Session allocation for distributed virtual desktop architecture
US9692779B2 (en) Device for quantifying vulnerability of system and method therefor
US20090106844A1 (en) System and method for vulnerability assessment of network based on business model
WO2008029393A3 (en) Method for managing simultaneous modification of database objects during development
CN105827645B (en) Method, equipment and system for access control
CN107358122A (en) The access management method and system of a kind of data storage
WO2008126202A1 (en) Load distribution program for storage system, load distribution method for storage system, and storage management device
CN103763369A (en) Multi-permission distribution method based on SAN storage system
CN114726639B (en) Automatic arrangement method and system for access control policy
CN108924086A (en) A kind of host information acquisition method based on TSM Security Agent
CN105069366A (en) Account registration and management method and device
US8701202B2 (en) Method for granting an access authorization for a computer-based object in an automation system, computer program and automation system

Legal Events

Date Code Title Description
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07861774

Country of ref document: EP

Kind code of ref document: A2